CVE-2025-15573

Name of the Vulnerable Software and Affected Versions SolaX devices (affected versions not specified)

Description Devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices. An attacker can pose as the server and issue malicious commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.